
  • Implementing RunAsManager. Need advice

    Hey guys,

    I plan to implement RunAsManager since I believe it's the only way to reset the authentication object stored in the SecurityContext. The reason why I want this implemented is because after the user logs in, I have another authentication page which asks for the user's email. When the user enters the correct email address, I would want to add a GrantedAuthority to his current list of Authorities. Is this possible and is this the best way to do this?

    Basically, I want my web application to function like this:

    1. User logs in, enters username and password. Upon successful authentication, the user will have a role called ROLE_LOGIN.
    2. After successful login, the user gets redirected to a page where the user should supply his/her own email address. If the email address is valid, add another authority in his List<GrantedAuthority> called ROLE_USER.
    Last edited by mportugal; Feb 6th, 2013, 06:43 AM. Reason: More information

  • #2
    Why would you need a RunAsManager for that?!

    Get current authentication object from security context, create a new one with additional role, put that new one in security context and you are good to go.


    • #3
      Is that safe? Is there any other way to alter the Authentication object besides retrieving and updating the SecurityContext manually?


      • #4
        No... Why should there be another way? That is also what Spring Security does; the new object is stored after the request, so on subsequent requests you have the new instance.

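The approach from reply #2, written out as an added example that is not part of the original thread or of Spring Security itself. The class and method names are hypothetical, and it assumes the first step was a username/password login that produced an authenticated token holding ROLE_LOGIN, and that the email comparison is done server-side before the call.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper for the second step described in the thread (illustrative, not the poster's code).
public final class EmailStepUp {

    // emailVerified: outcome of a server-side check of the submitted email against the stored one.
    // Returns true if the current user holds ROLE_USER afterwards.
    public static boolean grantUserRole(boolean emailVerified) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();

        // Refuse to elevate anything that is not a completed first-step login.
        if (!emailVerified || current == null || !current.isAuthenticated()
                || !hasAuthority(current, "ROLE_LOGIN")) {
            return false;
        }
        if (hasAuthority(current, "ROLE_USER")) {
            return true; // already elevated, nothing to replace
        }

        // Leave the existing token untouched: copy its authorities and add the new one.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(current.getAuthorities());
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        // The three-argument constructor creates a token that is marked as authenticated.
        UsernamePasswordAuthenticationToken elevated = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), authorities);
        elevated.setDetails(current.getDetails()); // keep the original request details

        // Replace the Authentication in the current SecurityContext.
        SecurityContextHolder.getContext().setAuthentication(elevated);
        return true;
    }

    private static boolean hasAuthority(Authentication auth, String role) {
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (role.equals(granted.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```

Whether the replaced object survives to the next request depends on the context being written back to the session, which is the behaviour reply #4 describes. On Spring Security versions configured to require explicit context saving, the updated context also has to be saved through the application's SecurityContextRepository.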